business continuity and disaster recovery planning case study


Upload: bruce-mccullough

Post on 19-Jan-2017


Page 1: Business Continuity and Disaster Recovery Planning Case Study

Situation

A mortgage loan verification processing company needed a Disaster Recovery Plan (DRP) as required by their Private Equity Investment Management firm. I was initially engaged by the company based upon my BCP and DRP experience with companies that included Tesco Fresh and Easy, Avery Dennison, Alliance Data Systems, Georgia Pacific, IMERYS, and Fox Rent a Car to provide specialist disaster recovery management expertise and advice, and to develop a disaster recovery plan (DRP). The company hosted the IT infrastructure in an AT&T data center environment with significant redundancy and failover capability at a location over 200 miles from the corporate headquarters. The IT systems environment included critical systems that would result in the shut-down of loan processing should they become unavailable for an extended period of time.

After initial project scope discussions the client decided that they wanted to engage me in developing Business Continuity and Disaster Recovery Plans.

Action

A Business Impact Analysis (BIA) was performed as the first step in developing new business contingency solutions. The BIA is the foundation on which the client's overall recovery and resumption plan rests.

I worked closely with the company’s management to gain a deep understanding of the business operations, key business processes, IT environment, recovery time objectives (RTO) and recovery point objectives (RPO). We started with tough questions, such as:

What are the critical business processes?

What are the risks of their particular business?

How can the risks be quantified and qualified?

What unique needs must be considered to ensure that this business can endure a disaster?

What are the potential financial losses should a critical incident occur, and how quickly would the business need to recover from an incident?

How much loss can be tolerated?

What would you do if your employees couldn’t get to work?

What would happen if your customers couldn’t reach you for a few hours, days or even weeks?

How would you deal with the loss of critical business data?

I performed numerous surveys and one-on-one and group interviews, documented the findings, and reviewed and validated them with the client.

Response

Built and documented the plans

The critical functions, their recovery priorities, and their interdependencies were established so that the recovery time objectives (RTO) and recovery point objectives (RPO) could be set.

The requirements for IT service continuity were defined and documented. Strategies for recovery, based on a number of outcome scenarios, such as loss of data center, system failure, or denial of access to facilities, were defined.


Comprehensive plans were developed which defined key functions, such as communications, recovery teams, documentation and contacts. The plan included references to underlying procedures documentation and reference material that may be required.

Provided user training

Training and awareness of the plan and walkthrough strategies were completed through a series of workshop-based scenario tests. The walkthroughs were successfully carried out with all team members becoming fully trained in their roles. Refinements to the plan were made as a result of these tests.

Performed BC and DR functionality tests

IT failover for production services, including their secondary services, was thoroughly tested. Any anomalies were resolved and retesting was performed until all issues were resolved.

Business plans of action in the event of operations disruption by events such as severe weather, fire, earthquake, malicious activity, or electric utility disruption were tested.

Conducted user acceptance testing

Assembled a team of Subject Matter Experts for this activity to gain sign-off.

The Training Plan and training materials created during the Execute Phase were updated as necessary.

Finalized the Business Continuity Plan that prescribes how to conduct business and serve clients following a disruptive event, before restoration of services occurs. Finalized the Service Recovery (aka Disaster Recovery) Plan detailing a plan of action in the event operations are disrupted by events such as severe weather, fire, earthquake, malicious activity, or electric utility disruption. Plans should include provisions to update and improve these plans at least annually, or each time services or infrastructure undergo major changes. Related activities may include IT security classification, risk assessment, and compliance evaluation.

Delivered full final versions of the BCP and DRP

Handed the customer a complete set of customizable documentation in Word and PDF formats.
